[openssl-users] Differences in openssl 0.9.8 and 1.0.1x for private pem key file
Dave Thompson
dthompson at prinpay.com
Mon Dec 22 12:57:48 UTC 2014
> From: openssl-users On Behalf Of Jaya Nageswar
> Sent: Monday, December 22, 2014 05:51
> In our application, we have been using openssl 0.9.8 and trying to move to
> openssl 1.0.1x as 0.9.8 is going to be EOS by December 2015. We have a
> sample application where we try to read a sample pem key file, create an
> EVP_PKEY indirectly using PEM_read_bio_PrivateKey [and] try to create
> pem key files encrypted using different ciphers like (RC2, RC4 etc.).
<snip lots of mechanism>
The mechanism was refactored some, but the visible change is deliberate.
There have long been routines for the algorithm-specific "traditional"
formats PEM_read/write_RSAPrivateKey/DSAPrivateKey/ECPrivateKey
AND for the newer standard and algorithm-generic PKCS8 format
PEM_read/write_PKCS8PrivateKey.
Through 0.9.8 PEM_write_PrivateKey used (the appropriate one of)
traditional formats; in 1.0.0 and later it changed to use PKCS8.
If you want to continue writing traditional formats in 1.0.0+ call
specifically _write_RSAPrivateKey, _write_DSAPrivateKey, etc.
using the algorithm-specific struct from (instead of) EVP_PKEY.
At least for now; there is another thread started just a few days ago
about all PEM formats used by OpenSSL suggesting the traditional
privatekey forms are obsolete and maybe should be deleted!
Note all PEM_read_xyzPrivateKey routines can read *either*
format, legacy or PKCS8, distinguished by the BEGIN line, although
if e.g. you _read_RSAPrivateKey and the file is PKCS8 for *another*
algorithm that's an error; if you _read_PKCS8PrivateKey it accepts
any algorithm into an EVP_PKEY.
If you are writing differently-encrypted privatekey files because
you are concerned with key security, note one reason PKCS8
encrypted is preferred over traditional encrypted formats is
that PKCS8 allows and OpenSSL uses a much stronger PBE
key derivation compared to the older and weaker but
now set in stone and unchangeable one for traditional.
On checking I see the PEM_most manpage has not
been updated for this change.
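The formats discussed above can be told apart on disk without libcrypto, by the same BEGIN-line dispatch the PEM_read_* routines use before they decode anything. The following classifier is an added example for this thread, not code from the post or from OpenSSL; the function names classify_pem and weak_pbe, the PemKeyInfo record and the three sample PEM texts are all constructed here, and the sample bodies are placeholder base64 rather than real keys, since only the label and the PEM headers are inspected. It flags traditional encrypted files as weak because their key derivation is the fixed one-iteration MD5 EVP_BytesToKey scheme, whereas a PKCS#8 ENCRYPTED PRIVATE KEY carries its PBE/KDF parameters inside the DER (which this code does not decode).

```python
"""Classify PEM private-key files by BEGIN label and PEM headers (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Algorithm-specific "traditional" labels written by PEM_write_RSAPrivateKey etc.
TRADITIONAL_LABELS = {
    "RSA PRIVATE KEY": "RSA",
    "DSA PRIVATE KEY": "DSA",
    "EC PRIVATE KEY": "EC",
}
# Algorithm-generic PKCS#8 labels written by PEM_write_PKCS8PrivateKey
# (and by PEM_write_PrivateKey from OpenSSL 1.0.0 on).
PKCS8_PLAIN = "PRIVATE KEY"
PKCS8_ENCRYPTED = "ENCRYPTED PRIVATE KEY"

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")


@dataclass
class PemKeyInfo:
    label: str
    container: str          # "traditional" or "pkcs8"
    algorithm: str          # "RSA"/"DSA"/"EC", or "in-DER" for PKCS#8 (OID is inside the DER)
    encrypted: bool
    cipher: Optional[str]   # from the DEK-Info header (traditional) or "in-DER" (PKCS#8)
    kdf: str                # how the cipher key is derived from the passphrase


def classify_pem(text: str) -> PemKeyInfo:
    """Return what a PEM_read_* routine would see from the label and headers alone."""
    lines = [line.strip() for line in text.splitlines()]
    try:
        start = next(i for i, line in enumerate(lines) if BEGIN_RE.match(line))
    except StopIteration:
        raise ValueError("no PEM BEGIN line found")
    label = BEGIN_RE.match(lines[start]).group(1)

    # RFC 1421-style "Name: value" headers sit between BEGIN and a blank line;
    # base64 never contains ':' so the first header-less line ends the block.
    headers = {}
    for line in lines[start + 1:]:
        if ":" not in line:
            break
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()

    if label in TRADITIONAL_LABELS:
        encrypted = headers.get("Proc-Type", "") == "4,ENCRYPTED"
        cipher = None
        if encrypted:
            if "DEK-Info" not in headers:
                raise ValueError("Proc-Type says ENCRYPTED but DEK-Info header is missing")
            cipher = headers["DEK-Info"].split(",", 1)[0]   # e.g. DES-EDE3-CBC,<iv hex>
        # Traditional encryption derives the key with EVP_BytesToKey (MD5, one
        # iteration): the fixed, unchangeable scheme the post refers to.
        return PemKeyInfo(label, "traditional", TRADITIONAL_LABELS[label], encrypted,
                          cipher, "legacy-md5-bytestokey" if encrypted else "none")
    if label == PKCS8_PLAIN:
        return PemKeyInfo(label, "pkcs8", "in-DER", False, None, "none")
    if label == PKCS8_ENCRYPTED:
        # Cipher and PBE/KDF parameters live inside EncryptedPrivateKeyInfo, not in
        # PEM headers; this classifier does not decode the DER.
        return PemKeyInfo(label, "pkcs8", "in-DER", True, "in-DER", "pkcs5-pbe-in-DER")
    raise ValueError(f"not a private-key PEM label: {label}")


def weak_pbe(info: PemKeyInfo) -> bool:
    """True when the passphrase protection is the legacy traditional-PEM scheme."""
    return info.container == "traditional" and info.encrypted


# Constructed samples: the base64 bodies are placeholders, not real keys.
SAMPLE_TRADITIONAL_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PKCS8_ENCRYPTED = """-----BEGIN ENCRYPTED PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END ENCRYPTED PRIVATE KEY-----
"""
SAMPLE_EC_PLAIN = """-----BEGIN EC PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END EC PRIVATE KEY-----
"""

if __name__ == "__main__":
    for sample in (SAMPLE_TRADITIONAL_ENCRYPTED, SAMPLE_PKCS8_ENCRYPTED, SAMPLE_EC_PLAIN):
        info = classify_pem(sample)
        print(info, "WEAK PBE" if weak_pbe(info) else "")
```

Run against real files, the "traditional" plus encrypted verdict is the case to re-encrypt with PEM_write_PKCS8PrivateKey (or openssl pkcs8 -topk8) rather than keep varying the cipher on the legacy format, which is the point made above.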